code logs -> 2017 -> Mon, 09 Jan 2017< code.20170108.log - code.20170110.log >
--- Log opened Mon Jan 09 00:00:33 2017
00:14 Kindamoody is now known as Kindamoody[zZz]
01:02 himi [sjjf@Nightstar-dm0.2ni.203.150.IP] has joined #code
01:02 mode/#code [+o himi] by ChanServ
01:17 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has quit [Ping timeout: 121 seconds]
01:24 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has joined #code
02:40 catadroid` [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has joined #code
02:40 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has quit [Connection closed]
04:42 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds]
04:42 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code
04:42 mode/#code [+qo Vornicus Vornicus] by ChanServ
06:01
<&[R]>
<[> https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-is-here-as-ran som-attacks-hit-10-000-servers/
06:01
<&[R]>
"The attacks don't target all MongoDB databases, but only those left accessible via the Internet and without a password on the administrator account." <-- 10k servers? FFS. This isn't 1990.
07:09 himi [sjjf@Nightstar-dm0.2ni.203.150.IP] has quit [Ping timeout: 121 seconds]
07:27
<&McMartin>
[R]: 25% of all servers
07:27
<&McMartin>
maybe it is 1990.
07:32
<@Tamber>
I thought it was 1993, still?
07:36
<&[R]>
Completely fucked up. Silly thing is it is actually multiple groups
07:37 celticminstrel is now known as celmin|sleep
07:44
<&[R]>
McMartin: also it's only 25% of /publicly assecible/ servers.
07:44
<&[R]>
Which is apparently 10k.
07:45
<&[R]>
So there's 40k MongoDB servers with ports open to the public internet.
07:45
<&[R]>
(Probably similar deal with MySQL)
08:35
<&McMartin>
https://twitter.com/SwiftOnSecurity/status/818290067328352256?ref_src=twsrc%5Etf w
08:35
<&McMartin>
Speaking of
09:14 himi [sjjf@Nightstar-v37cpe.internode.on.net] has joined #code
09:14 mode/#code [+o himi] by ChanServ
09:25 Kindamoody[zZz] is now known as Kindamoody
09:33 Kindamoody is now known as Kindamoody|afk
09:50 macdjord is now known as macdjord|slep
10:28 * abudhabi restores his Nokia 1616 to its former greatness!
14:11 himi [sjjf@Nightstar-v37cpe.internode.on.net] has quit [Ping timeout: 121 seconds]
14:35 catadroid` is now known as catadroid
14:50 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds]
15:37 catadroid` [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has joined #code
15:37 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has quit [Connection closed]
16:20 starkruzr [quassel@Nightstar-rvt4le.fios.verizon.net] has quit [Connection closed]
17:13 macdjord|slep is now known as macdjord|wurk
17:31 starkruzr [quassel@Nightstar-rvt4le.fios.verizon.net] has joined #code
17:31 mode/#code [+ao starkruzr starkruzr] by ChanServ
17:43 celmin|sleep [celticminst@Nightstar-h4m24u.dsl.bell.ca] has quit [[NS] Quit: KABOOM! It seems that I have exploded. Please wait while I reinstall the universe.]
17:44 celticminstrel [celticminst@Nightstar-h4m24u.dsl.bell.ca] has joined #code
17:44 mode/#code [+o celticminstrel] by ChanServ
18:02 catadroid` is now known as catadroid
18:24
<&jerith>
...
18:25
<&jerith>
I have no sympathy for people dumb enough to not only leave their databases wide open to the public internet, but also to run mongodb with no backups.
18:26
<&jerith>
This is a datastore that is notorious for the number of data loss bugs it's had.
19:10
<@Namegduf>
MySQL doesn't ship open to the public Internet. Does Mongo?
19:10
<@Namegduf>
This stuff is talking about "left open" a lot.
19:10
<@Namegduf>
If that's accurate then jeeze.
19:12
<@Namegduf>
Looks like the RPM limits it.
19:13
<@Namegduf>
I don't like how the Mongo people say "the most popular installer (RPM) limits network access to localhost". That's a lot more contingent than "it doesn't listen publicly by default" ought to be.
19:13
<@Namegduf>
(https://www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms- your-data)
19:24
<&[R]>
Oh right MySQL does that UNIX socket by default thing, right.
19:49 catadroid` [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has joined #code
19:49 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has quit [Connection closed]
20:02
<@Namegduf>
Yes, MongoDB defaults to binding on all interfaces.
20:02
<@Namegduf>
Wow.
20:02
<@Namegduf>
And it doesn't setup a root password as part of the install process last I saw, either.
20:04
<@Namegduf>
It looks like as of 2.6 default .deb and .rpm packages contain a config line to set it to 127.0.0.1, but if omitted or built in another way it defaults to all interfaces.
20:04
<@Namegduf>
MongoDB truly is 90s software in more than just data integrity.
20:07
<@Reiv>
It was developed a lot later than that, though, right
20:08
<@Namegduf>
Yes, initial release 2009
20:10 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has joined #code
20:10 catadroid` [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has quit [Connection closed]
20:50 himi [sjjf@Nightstar-v37cpe.internode.on.net] has joined #code
20:50 mode/#code [+o himi] by ChanServ
20:50
<&jeroud>
Still a better temporal offset than golang. :-P
20:51 catadroid` [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has joined #code
20:51 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has quit [Connection closed]
20:55
<&[R]>
What's golang's problem?
21:00
<&jeroud>
It's the best language 1980 could give us. In 2017.
21:01
<&jeroud>
My personal objections to it are mostly philosophical.
21:03
<&jeroud>
They claim they want a safe type system, and then they give it a crappy type system with implicit signature-based interfaces and no support for type-preserving generics.
21:03
<&jeroud>
They claim exceptions are a bad idea, and then they implement panics which are like exceptions but more awkward.
21:04
<&jeroud>
Stuff like that.
21:05
<@Reiv>
What's the point of this language, then?
21:05
<&jeroud>
Google wanted a thing, so Google made a thing.
21:06
<@Reiv>
I am willing to assume Google would have developed something for a reason.
21:06
<&jeroud>
It's not an objectively terrible language in the way PHP and JS-from-a-few-years-ago are terrible languages.
21:07
<&jeroud>
And it has some features that make it useful for Google.
21:07
<&jeroud>
But it could have been so much better with just a little more thought.
21:08
<@Namegduf>
Golang's basic idea is to achieve correctness by being simple and legible enough that you can easily read code and understand all the semantics of it, as well as having a lot of little details which mean in practice simple code tends to be correct code, and you rarely need to have lots of checks for it to be right.
21:08
<&[R]>
Working out better than dart is
21:08
<&ToxicFrog>
Sadly, it doesn't actually work that way in practice.
21:08
<@Namegduf>
It's basically the opposite of Rust, whose idea is to achieve correctness with a powerful typing system that lets you enforce it, at the cost of complexity
21:09
<@Namegduf>
Both are members of the class of "languages designed with some actual thought to optimising for being good tools" which arose after the kitchen sink era
21:09
<&ToxicFrog>
Reiv: we wanted something to replace C++ in a safer manner without sacrificing performance and Rust didn't exist yet, and somehow we ended up with Go :/
21:09
<@Namegduf>
And I like both more than the kitchen sink languages
21:09
<&jeroud>
A powerful type system is a wonderful tool.
21:09
<&McMartin>
Reiv: Everything I've seen of Go is that its development was motivated by the fact that Python is bad at multithreading
21:10
<@Namegduf>
It was made by a bunch of old C people so I think they had other beefs but that could be part of it
21:10
<&jeroud>
What golang has is a thing that you placate rather instead of a thing you work with.
21:10
<@Namegduf>
It's not very Python-like in a lot of other respects; they aimed for "minimal without having complex DSLs built on it"
21:12
<&jeroud>
The more OCaml I write the more I like the language.
21:13
<@Namegduf>
I need to revisit Rust
21:13
<@Namegduf>
Last I was looking at it it was still relatively early in development, and they were trying to tweak to fix verbosity problems
21:13
<&McMartin>
It's still pretty verbose
21:14
<&jeroud>
It's incredibly simple, has a very powerful type system, compiles to reasonably high-performance binaries, and has the best package manager I've seen in any language environment.
21:14
<&McMartin>
It always will be, because Rust is very firmly in the "thing you placate" bin.
21:14
<&McMartin>
In fact, I might go so far as to say that in Rust the type system is the thing you must defeat
21:14
<@Namegduf>
Haha
21:15
<@Namegduf>
One thing I liked in Go was that generally if my code compiled it worked; Rust I imagine is even more strongly that but harder to persuade to compile
21:15
<&McMartin>
I happen to give it a pass for this despite sharing jeroud's preferences for what type systems are for, because Rust is in fact buying something with that
21:15
<@Namegduf>
Yeah
21:16
<@Namegduf>
(It's a valid point that this isn't something Go optimises for hard; it's just as soon as you're actually trying it's not hard to beat Java and the Python/Ruby/etc languages.)
21:16
<&jeroud>
For a long time I hated static type systems because my experience with them was in Pascal, C, and Java.
21:17
<&jeroud>
All of which have pretty awful type systems.
21:17
<&jeroud>
(Although the first two get some slack for being very old and pretty close to the metal.)
21:17
<@Namegduf>
Yeah
21:18
<@Namegduf>
I don't mind the core of Java too bad- it's obnoxious but livable, and IDE-centric is legitimate enough I guess
21:18
<&jeroud>
Same as COBOL.
21:18
<@Namegduf>
It's just the entire ecosystem and implementation that's wrong
21:18
<&McMartin>
Yes, the problem with Java is mostly OOP culture
21:18
<&McMartin>
The last person I talked to who hated rust also hated OOP culture
21:19
<@Namegduf>
And doing anything with the stdlib is like trying to get over a wall given a bunch of beachballs and rope
21:19
<&jeroud>
Such a horrible language, but also the language in which we learned that a lot of things were actually bad ideas.
21:19
<&McMartin>
That is, he saw some sample code and it was using the builder pattern and this caused him to vomit blood from his eye sockets
21:19
<@Namegduf>
It's really clearly not designed around accomodating any particular usecases
21:20
<&McMartin>
Namegduf: Interestingly, it's got a handful of things where it's not only good enough, but better than most standard 3rd-party C++ libraries...
21:20
<&jeroud>
I very much mind the core of Java.
21:20
<&McMartin>
image processing and networking are the two big ones
21:20
<&jeroud>
The JVM isn't too terrible, though.
21:20
<&McMartin>
java.net.Socket in particular gives you stuff as trivial methods that as far as I can tell you *cannot* do with libcurl
21:20
<&McMartin>
Mostly involving how to handle various kinds of timeouts
21:21
<&McMartin>
The JVM is pretty bad
21:21
<@Namegduf>
Yeah, networking isn't too bad, the main annoyances are just those you get from not getting a language with lightweight threading
21:21
<@Namegduf>
Which C++ lacks as well
21:21
<&McMartin>
The C++ stdlib still lacks a sensible way of referring to filenames
21:21
<&McMartin>
It is not exactly a shining example here
21:21
<&ToxicFrog>
McMartin: the JVM is pretty neat if you're in the "writes code in languages that compile to JVM bytecode" camp rather than the "writes compilers targeting the JVM camp"~
21:22
<&ToxicFrog>
(at least until you need to release on windows, but that's more a JRE packaging problem than a JVM problem per se)
21:22
<&jeroud>
Another thing I really like about OCaml is how little boilerplate you need.
21:22
<@Namegduf>
We've kind of solved the JVM-is-hideously-slow-to-start problem by just throwing more powerful machines at it
21:22
<&McMartin>
Namegduf: Also by realizing that the thing it bought (mostly actual Unicode support) was a thing everyone desperately needed
21:23
<&McMartin>
So now if the JVM wasn't paying that cost Pango or whatever is
21:23
<&jeroud>
Because you can factor out all sorts of things in functional languages that you can't really factor out in OOP languages.
21:23
<@Namegduf>
Eh. Other stuff with great Unicode support doesn't start slow.
21:23
<&McMartin>
jeroud: My experiences with OCaml have been spectacularly clunky; I'd be curious to know your library/toolchain setup.
21:23
<@Namegduf>
You need some hundreds of kilobytes of memory, maybe 1MB for the tables
21:24
<@Namegduf>
But I don't think the startup has to suck beyond that
21:24
<&jeroud>
McMartin: Was it more than a handful of years ago?
21:24
<&jeroud>
Because stuff has improved spectacularly in that time.
21:24
<@Namegduf>
I love how Sun basically threw away a huge market in in-browser apps just by sucking at performance so hideously
21:24
<&McMartin>
Very yes, but attempts to revisit have foundered on the fact that everything that has improved for it seems to be Linux-specific
21:25
<&McMartin>
Namegduf: They were mostly engineers
21:25
<&McMartin>
Those engineers listened to us when we raised the alarms that we kept raising for 15 years
21:25
<&McMartin>
Sun listened, Adobe didn't
21:25
<&jeroud>
McMartin: Windows support is a bit spotty in places.
21:25
<&McMartin>
Java died like we wanted it to, Flash didn't for another decade
21:26
<&McMartin>
jeroud: OK, the last time I chacked you basically couldn't do anything without the Jane Street (?) libraries, and that meant "windows support is spotty" means "no modern practitioner's code will run on Windows regardless of what it does"
21:27
<&McMartin>
While in Perl "Windows support is spotty" meant "it is possible to write cross-platform code but you'll need to do work to make other people's code work, once", and Python's was "they probably forgot to specify whether stdout is text or binary, so maybe add a line if you care about that"
21:27
<&McMartin>
This forms a rather nice spectrum~
21:27
<&jeroud>
Ah. Jane Street's Core isn't the only game in town, but it's one of the best supported.
21:28
<&jeroud>
For async I/O I much prefer lwt.
21:31
<&McMartin>
If I were to work with an OCamloid in the near future it would probably be trying to drive DirectX with F#.
21:32
<&McMartin>
(I think some of the other thing that has constrained my work lately is that the stuff I'm interested in writing has a 'shape' that experimental languages don't want to work with.)
21:33
<&ToxicFrog>
I still need to finish advent-of-coding and then play with squidlib some more, I think
21:33
<&ToxicFrog>
In my copious free time ha ha ha
21:33
<&jeroud>
F# is nice, but the edges where it touches the rest of .NET aren't as clean as I'd like.
21:38
<&McMartin>
Yeah, it's relevant here that almost all my hobby coding lately has been in assembler
21:38
<&McMartin>
I've got enough of a base to understand what is being offered by contemporary dev tools and that means *that* is enough that I can move my DOS projects over to pure C
21:40
<&ToxicFrog>
My current hobby coding goal is "refamiliarize myself with clojure, then play around with roguelike stuff in it"; AoC is the first half of that.
21:40 * McMartin nods
21:40
< catadroid`>
(((((ToxicFrog)))))
21:40 catadroid` is now known as catadroid
21:41
<&ToxicFrog>
Which will involve a bunch of getting dirty around in the clojure/java interface, gambling that calling into java will be easier/more fun than reimplementing all those LOS algorithms myself.
21:41
<&ToxicFrog>
catadroid!
21:41 * ToxicFrog snoggles
21:41
<&ToxicFrog>
I am just about to leave work
21:41
< catadroid>
Cool beans
21:41
<&McMartin>
My next two programs will probably be an instrument editor for the Adlib chip and an instrument *ripper* for stuff from the Id Music Format or things convertible two it (like DosBox OPL command recordings :3)
21:46 * ToxicFrog glares at this build to finish faster
21:49 himi [sjjf@Nightstar-v37cpe.internode.on.net] has quit [Ping timeout: 121 seconds]
21:51
<&jeroud>
ToxicFrog: My experience with Clojure has mostly been writing tests and wrappers for the Java code I needed to submit to a Coursera algorithms thing.
21:52
<&jeroud>
Interacting with that Java code was really easy.
21:53
<&jeroud>
It might be a little trickier if you need to pass in objects that implement some interface, but I believe that's not too bad either.
22:01 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code
22:01 mode/#code [+qo Vornicus Vornicus] by ChanServ
22:10 Kindamoody|afk is now known as Kindamoody
22:27
<&McMartin>
jeroud: That's actually alarmingly simple
22:28
<&McMartin>
reify is pretty great
22:34
< catadroid>
reify is neat
22:34
< catadroid>
And taught me a word
22:46 starkruzr [quassel@Nightstar-rvt4le.fios.verizon.net] has quit [Connection closed]
22:56 starkruzr [quassel@Nightstar-rvt4le.fios.verizon.net] has joined #code
22:56 mode/#code [+ao starkruzr starkruzr] by ChanServ
22:59 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has quit [Ping timeout: 121 seconds]
23:07 * Vornicus feels like he should learn other langauges but keeps getting grumpy 'cause his own libs for eveything are all in languages he already knows and it takes waaaay too long to get going and runs out of enthusiasm
23:08
<~Vornicus>
Well, that and "fuck installing more than one thing to get started"
23:27 catadroid [catalyst@Nightstar-2k0p46.dsl.teksavvy.com] has joined #code
23:34
<&McMartin>
http://pastebin.starforge.co.uk/6
23:34
<&McMartin>
The OPL2 has quite a few more knobs than the SID does
23:36
<&McMartin>
(the "A0:XX" section is where it will be dumping config registers)
23:39
<&McMartin>
Vorn: Which languages do you command besides Python
23:46
<~Vornicus>
on a regular basis, lua, js, php.
23:48
<~Vornicus>
well and sql I guess but I usually don't use anything procedural here
23:51
<~Vornicus>
(the list of languages I *know* is much larger, at some point I counted and it was like 30+, but none of them are anywhere near the ocaml or haskell neighborhoods)
23:54
<&McMartin>
My Adlib instrument ripper should really be in Python, but I'm tempted to write it in C just for drill and also so it can be a .COM file
23:55
<&McMartin>
(The instrument *editor* has to be DOS-runnable since it will be testing results by sending the values to a notional Adlib card)
23:59 himi [sjjf@Nightstar-dm0.2ni.203.150.IP] has joined #code
23:59 mode/#code [+o himi] by ChanServ
--- Log closed Tue Jan 10 00:00:34 2017
code logs -> 2017 -> Mon, 09 Jan 2017< code.20170108.log - code.20170110.log >

[ Latest log file ]